526互联

https部署与docker下nginx的转发+文件获取

发布时间 2023-05-23 13:57:49作者: 中亿丰数字科技
  1. 进入nginx容器查看是否有etc/nginx/cert目录
  2. 将https的域名证书放到cert目录下
  3. 配置80和443
server {
    #listen 80; #侦听80端口
    listen 80; #侦听443端口,用于SSL
    server_name  127.zyfdtsite.com;

    client_max_body_size 1024m;

    #charset koi8-r;
    #access_log  /var/log/nginx/log/host.access.log  main;

    location / {
        proxy_set_header HOST $host;
        proxy_set_header X-Forwarded-Proto $scheme;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_pass http://127.213.16.9:9000/;
        #add_header Content-Security-Policy upgrade-insecure-requests;
    }
    
    #前端大屏
    location /screen {
        alias /usr/share/nginx/screen;
        index index.html index.htm;
        #autoindex on;
    }
    location /api/ {
        proxy_set_header HOST $host;
        proxy_set_header X-Forwarded-Proto $scheme;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_pass http://127.213.16.9:9001/;

    }
    
    location /ws {
            proxy_pass http://127.16.1.187:9004/;
            proxy_http_version 1.1;
            proxy_set_header Upgrade $http_upgrade;
            proxy_set_header Connection "upgrade";
    }

    #error_page  404              /404.html;

    # redirect server error pages to the static page /50x.html
    #
    error_page   500 502 503 504  /50x.html;
    location = /50x.html {
        root   /usr/share/nginx/html;
    }
}
server {
    #listen 80; #侦听80端口
    listen 443 ssl; #侦听443端口,用于SSL
    server_name  127.zyfdtsite.com;

    ssl_certificate /etc/nginx/cert/127.zyfdtsite.com_bundle.crt;
    ssl_certificate_key /etc/nginx/cert/127.zyfdtsite.com.key;
    ssl_session_timeout 5m;
    ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
    ssl_ciphers ECDHE-RSA-AES128-GCM-SHA256:HIGH:!aNULL:!MD5:!RC4:!DHE;
    ssl_prefer_server_ciphers on;

    client_max_body_size 1024m;

    #charset koi8-r;
    #access_log  /var/log/nginx/log/host.access.log  main;

    location / {
        proxy_set_header HOST $host;
        proxy_set_header X-Forwarded-Proto $scheme;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_pass http://127.213.16.9:9000/;
        #add_header Content-Security-Policy upgrade-insecure-requests;
    }

    location /api/ {
        proxy_set_header HOST $host;
        proxy_set_header X-Forwarded-Proto $scheme;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_pass http://127.213.16.9:9001/;
    proxy_http_version 1.1;
    proxy_set_header Upgrade $http_upgrade;
    proxy_set_header Connection "Upgrade";
    }

    location /danyang/ {
        proxy_set_header HOST $host;
        proxy_set_header X-Forwarded-Proto $scheme;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_pass http://127.213.16.9:9002/dyzyy/new/;
        #add_header Content-Security-Policy upgrade-insecure-requests;
    }

    location /danyang/dp/ {
        proxy_set_header HOST $host;
        proxy_set_header X-Forwarded-Proto $scheme;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_pass http://127.213.16.9:9002/dyzyy/;
        #add_header Content-Security-Policy upgrade-insecure-requests;
    }

    location /danyang/api/ {
        proxy_set_header HOST $host;
        proxy_set_header X-Forwarded-Proto $scheme;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_pass http://127.213.16.9:9002/zhongyiyuan/;
    proxy_http_version 1.1;
    proxy_set_header Upgrade $http_upgrade;
    proxy_set_header Connection "Upgrade";
    }

    location /danyang/iot/ {
        proxy_set_header HOST $host;
        proxy_set_header X-Forwarded-Proto $scheme;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_pass http://127.213.16.9:9002/iotZongyiyuan;
    proxy_http_version 1.1;
    proxy_set_header Upgrade $http_upgrade;
    proxy_set_header Connection "Upgrade";
    }
    
    #error_page  404              /404.html;

    # redirect server error pages to the static page /50x.html
    #
    error_page   500 502 503 504  /50x.html;
    location = /50x.html {
        root   /usr/share/nginx/html;
    }

    # proxy the PHP scripts to Apache listening on 127.0.0.1:80
    #
    #location ~ \.php$ {
    #    proxy_pass   http://127.0.0.1;
    #}

    # pass the PHP scripts to FastCGI server listening on 127.0.0.1:9000
    #
    #location ~ \.php$ {
    #    root           html;
    #    fastcgi_pass   127.0.0.1:9000;
    #    fastcgi_index  index.php;
    #    fastcgi_param  SCRIPT_FILENAME  /scripts$fastcgi_script_name;
    #    include        fastcgi_params;
    #}

    # deny access to .htaccess files, if Apache's document root
    # concurs with nginx's one
    #
    #location ~ /\.ht {
    #    deny  all;
    #}
}
  1. 新建容器时配置自启参数
    docker run --restart=always 容器id 或 容器名称
  2. 已存在的容器配置自启
    docker update --restart=always 容器id 或 容器名称
    另外:1)取消容器自启
    docker update --restart=no 容器id 或 容器名称
    2)批量设置容器自启
    docker update --restart=always $(docker ps -aq)

作者:袁天奇